NIST CSF 2.0 · All Functions · RS Respond · RS.MA Incident Management

RS.MA-05

Implementation examples

• Ex1: Apply incident recovery criteria to known and assumed characteristics of the incident to determine whether incident recovery processes should be initiated
• Ex2: Take the possible operational disruption of incident recovery activities into account

Mapped NIST 800-53 r5 controls (2)

All informative references (30)

• AI-SOC: AI-SOC-12
• AI-SOC: AI-SOC-04
• CCMv4.0: SEF-02
• CIS Controls v8.0: 17.9
• CIS Controls v8.1: 17.9
• CRI Profile v2.0: RS.MA-05
• CRI Profile v2.0: RS.MA-05.01
• ISO/IEC 27001:2022: Mandatory Clause: None
• ISO/IEC 27001:2022: Annex A Controls: 5.25
• NICE Framework: IO-WRL-005
• NICE Framework: IO-WRL-007
• NICE Framework: OG-WRL-007
• NICE Framework: OG-WRL-010
• NICE Framework: OG-WRL-015
• NICE Framework: PD-WRL-001
• NICE Framework: PD-WRL-003
• OWASP Top 10 LLM Applications: LLM04-2025
• PCI DSS: 12.10.1
• PCI DSS: 12.10.2
• PCI DSS: 12.10.6
• SCF: BCD-01
• SDOS: SDOS-AU-01
• SDOS: SDOS-RM-01
• SDOS: SDOS-RS-01
• SP 800-171 Rev 3: 03.06.01
• SP 800-171 Rev 3: 03.06.05
• SP 800-53 Rev 5.1.1: IR-04
• SP 800-53 Rev 5.1.1: IR-08
• SP 800-53 Rev 5.2.0: IR-04
• SP 800-53 Rev 5.2.0: IR-08

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).